1d6118acc27204ce91df6539b07f4144d344a061fb3818865607789b7ca1787c

Analysis

max time kernel
115s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 11:18

Target

a5e39edc04588aec600f0c816b1160a0N.exe
Size

73KB
MD5

a5e39edc04588aec600f0c816b1160a0
SHA1

fb2144e6c341894052b0578cba1d55582379474d
SHA256

1d6118acc27204ce91df6539b07f4144d344a061fb3818865607789b7ca1787c
SHA512

c8f77e3bc6c2c49c0fcdf58a29424bfa11e98e18d49c3c5d54303f7269eae363d150478b4e24f3af4a71a0c7e6bed8eded29a1cebe008d9978ea3cf131ea2e0a
SSDEEP

1536:hbcGAJK5QPqfhVWbdsmA+RjPFLC+e5he0ZGUGf2g:hAXJNPqfcxA+HFsheOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
876	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 768	3444	a5e39edc04588aec600f0c816b1160a0N.exe	86
PID 3444 wrote to memory of 768	3444	a5e39edc04588aec600f0c816b1160a0N.exe	86
PID 3444 wrote to memory of 768	3444	a5e39edc04588aec600f0c816b1160a0N.exe	86
PID 768 wrote to memory of 876	768	cmd.exe	87
PID 768 wrote to memory of 876	768	cmd.exe	87
PID 768 wrote to memory of 876	768	cmd.exe	87
PID 876 wrote to memory of 4768	876	[email protected]	88
PID 876 wrote to memory of 4768	876	[email protected]	88
PID 876 wrote to memory of 4768	876	[email protected]	88

C:\Users\Admin\AppData\Local\Temp\a5e39edc04588aec600f0c816b1160a0N.exe
"C:\Users\Admin\AppData\Local\Temp\a5e39edc04588aec600f0c816b1160a0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:768
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:876
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4768

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
c1f18ce805145a7277b4422688bc3bcd

SHA1
c4beb4a4217f0d25edff4bf1b089f952723ca98a

SHA256
257b145caa490e58e65248fd6e4ed0f0f01d196b7277f0edf706a1088627f959

SHA512
3469b702b5c7a336b52aa961b736cb4fbcb9f61bc8dadc7eafe89d1379af74fe0ff4dc5124e1cdf7c0f18744f6fe48ed998f917a2995607fdec8e0f6a304fca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/876-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3444-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download